check the `addr` argument for PWQ_WAIT is aligned to an integer.

[~madcoder/pwqr.git] / kernel / pwqr.c

diff --git a/kernel/pwqr.c b/kernel/pwqr.c
index 8171596..7ce0700 100644 (file)
--- a/kernel/pwqr.c
+++ b/kernel/pwqr.c
@@ -368,9 +368,15 @@ do_pwqr_wait(struct pwqr_sb *sb, struct pwqr_task *pwqt,
 
        preempt_notifier_unregister(&pwqt->notifier);
 
-       if (is_wait && copy_from_user(&wait, arg, sizeof(wait))) {
-               rc = -EFAULT;
-               goto out;
+       if (is_wait) {
+               if (copy_from_user(&wait, arg, sizeof(wait))) {
+                       rc = -EFAULT;
+                       goto out;
+               }
+               if (unlikely((long)wait.pwqr_uaddr % sizeof(int) != 0)) {
+                       rc = -EINVAL;
+                       goto out;
+               }
        }
 
        pwqr_sb_lock_irqsave(sb, flags);